[one-users] SELinux prevents KVM deployment

Javier Fontan jfontan at gmail.com
Mon Sep 12 03:23:34 PDT 2011


I'm not familiar with SElinux and usually disable it to make VMs work
but if you still want SElinux enforcing policies check libvirt
documentation on the correct labels for the images:

http://libvirt.org/drvqemu.html#securityselinux

2011/9/11 Дмитрий Усталов <dmitry at eveel.ru>:
> Hello.
>
> I'm trying to deploy OpenNebula 2.2.1 cluster with following
> configuration:
>
> 1) `cf` (cloud front-end) node -- oned + sunstone.
> 2) `one1` node -- worker host using im_kvm, vmm_kvm, tm_ssh (host is
> perfectly monitored by oned @ cf).
>
> On one1 node I have Scientific Linux 6.1 installed with SELinux working
> in enforcing targeted mode.
>
> When I've tried to execute the sample VM with ttylinux
> ( http://opennebula.org/documentation:rel2.2:vmg ), my ttylinux VM fails
> because of permission denied to disk image (the relevant oned.log
> fragment is attached).
>
> I guess, that is the trouble in security context so I've tried to modify
> the tm_clone.sh script with chcon (like this:
> http://equivocation.org/node/122 ), but nothing happened (the modified
> script with `ls -laZR` output are attached, too).
>
> Please, tell what should I do to make me, OpenNebula & SELinux happy
> togeter.
>
> Thanks.
> --
> Dmitry A. Ustalov
> http://balcone.eveel.ru/
> icq:1996961 xmpp:eveel at xmpp.ru
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>



-- 
Javier Fontan, Grid & Virtualization Technology Engineer/Researcher
DSA Research Group: http://dsa-research.org
Globus GridWay Metascheduler: http://www.GridWay.org
OpenNebula Virtual Infrastructure Engine: http://www.OpenNebula.org



More information about the Users mailing list